Control device, computer readable recording medium recording program for control device, and control method

ABSTRACT

A control device includes a communication unit configured to acquire control information on a vehicle from an information processing device in a wired or wireless communication, and a processing unit configured to execute a process of starting vehicle control based on the control information. The processing unit continues or suspends the process of starting vehicle control depending on a result of an authentication process on usage authority of the control information, and the authentication process is executed while the process of starting vehicle control is executed.

INCORPORATION BY REFERENCE

This is a Continuation of U.S. application Ser. No. 16/355,216, filedMar. 15, 2019, which claims the benefit of Japanese Patent ApplicationNo. 2018-068835, filed on Mar. 30, 2018. The disclosure of the priorapplications is hereby incorporated by reference herein in its entirety.

BACKGROUND 1. Technical Field

The disclosure relates to a control device, a computer readablerecording medium recording a program for a control device, and a controlmethod.

2. Description of Related Art

In recent years, service providers are concentrating on development andthe like related to automatic driving techniques of vehicles. Forexample, Japanese Unexamined Patent Application Publication No.2017-197066 (JP 2017-197066 A) discloses a technique for controllingautomatic driving based on information unique to a vehicle occupantreceived from a server in order to perform automatic driving that isoptimal for the vehicle occupant.

SUMMARY

When an interface for vehicle control is disclosed to a service providerso that vehicle control can be performed via the interface, it isconceivable to set usage authority according to control information onvehicle control. In this case, proper authority management is necessary.

The disclosure provides a control device, a computer readable recordingmedium recording a program for a control device, and a control method,which are capable of performing appropriate authority management in acase where usage authority is set in control information for a vehicle.

A control device according to a first aspect of the disclosure includes:a communication unit configured to acquire control information on avehicle from an information processing device via a wired or wirelesscommunication; and a processing unit configured to execute a process ofstarting vehicle control based on the control information, wherein theprocessing unit continues or suspends the process of starting vehiclecontrol depending on a result of an authentication process on usageauthority of the control information, and the authentication process isexecuted while the process of starting vehicle control is executed.

A computer readable recording medium according to a second aspect of thedisclosure, stores a program that causes a computer operating as acontrol device to execute: acquiring control information on a vehiclefrom an information processing device via a wired or wirelesscommunication; executing a process of starting vehicle control based onthe control information; and continuing or suspending the process ofstarting vehicle control depending on a result of an authenticationprocess on usage authority of the control information, wherein theauthentication process is executed while the process of starting vehiclecontrol is executed.

A control method according to a third aspect of the disclosure includes:acquiring control information on a vehicle from an informationprocessing device via a wired or wireless communication; executing aprocess of starting vehicle control based on the control information;and continuing or suspending the process of starting vehicle controldepending on a result of an authentication process on usage authority ofthe control information, wherein the authentication process is executedwhile the process of starting vehicle control is executed.

With the control device, the program for a control device, and thecontrol method according to the aspects of the disclosure, it ispossible to perform appropriate authority management in the case whereusage authority is set in control information for a vehicle.

BRIEF DESCRIPTION OF THE DRAWINGS

Features, advantages, and technical and industrial significance ofexemplary embodiments of the disclosure will be described below withreference to the accompanying drawings, in which like numerals denotelike elements, and wherein:

FIG. 1 is a diagram showing an overview of a vehicle control systemaccording to a first embodiment;

FIG. 2 is a block diagram showing a schematic configuration of a controldevice according to the first embodiment;

FIG. 3 is a diagram showing a structure of an application programminginterface (API);

FIG. 4 is a diagram showing an example of subscription information;

FIG. 5 is a block diagram showing a schematic configuration of aninformation processing device according to the first embodiment;

FIG. 6 is a block diagram showing a schematic configuration of a serveraccording to the first embodiment;

FIG. 7 is a flowchart showing an operation of the vehicle control systemaccording to the first embodiment;

FIG. 8 is a block diagram showing a schematic configuration of a vehicleaccording to a second embodiment;

FIG. 9 is a sequence diagram showing an operation of a vehicle controlsystem according to the second embodiment; and

FIG. 10 is a sequence diagram showing an operation of the vehiclecontrol system according to the second embodiment.

DETAILED DESCRIPTION OF EMBODIMENTS

Hereinafter, embodiments of the disclosure will be described.

Embodiment 1

An overview of a vehicle control system 1 according to one embodiment ofthe disclosure will be described with reference to FIG. 1. The vehiclecontrol system 1 includes a vehicle 10, an information processing device20, and a server 30. In FIG. 1, for the sake of simplicity ofexplanation, one vehicle 10 and one information processing device 20 areshown. However, the number of each of the vehicle 10 and the informationprocessing device 20 provided in the vehicle control system 1 may be setarbitrarily. The vehicle 10, the information processing device 20, andthe server 30 are connected to a network 40 such as the Internet or thelike.

The vehicle 10 is, for example, a car. However, the vehicle 10 is notlimited thereto and may be an arbitrary vehicle on which a person canboard. The information processing device 20 is an automatic driving kitincluding, for example, a computer in which automatic driving controlsoftware is installed, a camera, a sensor and the like. However, theinformation processing device 20 is not limited thereto and may be anarbitrary device. The server 30 includes one or more server devicescapable of making communication with each other. In the presentembodiment, for the sake of simplicity of explanation, it is assumedthat the server 30 is one server device.

In the vehicle control system 1 according to the present embodiment, thevehicle 10 and the information processing device 20 cooperate to executethe vehicle control of the vehicle 10. As an outline, the vehiclecontrol system 1 includes a below-described control device 12 as aninterface for the vehicle 10 to receive control information from theinformation processing device 20. The vehicle 10 that has acquired thecontrol information executes a process of starting vehicle control basedon the control information. At least a part of application programminginterface (API) that specifies the specifications of such controlinformation is disclosed to a service provider. This may promotetechnology development, creation of new mobility services, and the like,which are performed by the service provider. In this case, it isnecessary to perform appropriate authority management such as allowingonly a service provider having usage authority to use predeterminedcontrol information (for example, control information for controlling apart of expanded functions and the like). It is also necessary toprevent processing delay due to such management and to preventfalsification of information related to authority management, and thelike.

In the present embodiment, the usage authority is set for each controlinformation, and some control information can be used only by a serviceprovider having usage authority. In other words, some APIs can be usedonly by service providers having usage authority of APIs. The vehiclecontrol system 1 performs an authentication process on usage authorityso that only a service provider having usage authority to use controlinformation is allowed to perform vehicle control using the controlinformation.

In this regard, the vehicle control system 1 executes the authenticationprocess on the usage authority of the control information for thevehicle control while performing a process of starting vehicle control.That is to say, the process of starting vehicle control based on thecontrol information and the authentication process on the usageauthority of the control information are performed in parallel. Thevehicle 10 continues or suspends the process of starting vehicle controlaccording to the result of the authentication process on the usageauthority. That is to say, the vehicle control system 1 executes theprocess of starting vehicle control based on the acquired controlinformation, before obtaining the result of the authentication processon the usage authority of the control information. By executing theauthentication process on usage authority in parallel with the processof starting vehicle control, delay in the process related to vehiclecontrol can be prevented.

Next, each configuration of the vehicle control system 1 will bedescribed in detail.

(Configuration of Vehicle)

As shown in FIG. 1, the vehicle 10 includes a communication device 11,the control device 12, and a plurality of electronic control units(ECUs) 13. The communication device 11, the control device 12, and theplurality of ECUs 13 are communicably connected with one another via anin-vehicle network such as a controller area network (CAN) or the like,or a dedicated line.

The communication device 11 may be an in-vehicle communication devicesuch as a data communication module (DCM) or the like. In order to beconnected to the network 40, the communication device 11 may include acommunication module corresponding to a mobile communication standardsuch as 4th generation (4G), 5th generation (5G), or the like.

The control device 12 is a device that performs vehicle control based onthe control information transmitted from the information processingdevice 20. The vehicle control is, for example, automatic driving to adestination, but is not limited thereto. The automatic driving includes,for example, levels 1 to 5 as defined by the Society of AutomotiveEngineers (SAE), but is not limited thereto. The automatic driving maybe arbitrarily defined. Furthermore, the vehicle control is performed bycooperation between the control device 12 and the respective ECUs 13. Asshown in FIG. 2, the control device 12 includes a communication unit121, a storage unit 122, and a processing unit 123.

The communication unit 121 includes a communication module that makescommunication with the information processing device 20, thecommunication device 11, and the respective ECUs 13. For example, thecommunication unit 121 may include a communication module correspondingto a predetermined communication standard. An arbitrary communicationprotocol can be employed when the communication unit 121 communicateswith the information processing device 20. Moreover, the communicationunit 121 and the information processing device 20 may communicate witheach other by either wired communication or wireless communication. Forexample, hypertext transfer protocol (HTTP)-based representational statetransfer (REST) may be adopted as a communication protocol between thecommunication unit 121 and the information processing device 20.Furthermore, for example, a CAN may be adopted as a communicationprotocol when the communication unit 121 communicates with thecommunication device 11 and the respective ECUs 13. When thecommunication protocol with the information processing device 20 differsfrom the communication protocol with the communication device 11 and therespective ECUs 13, the communication unit 121 performs data conversionso as to conform to the communication protocol with the communicationdestination.

The storage unit 122 includes one or more memories. In the presentembodiment, the “memories” are, for example, semiconductor memories,magnetic memories, optical memories or the like, but are not limitedthereto. Each of the memories included in the storage unit 122 mayfunction as, for example, a main storage device, an auxiliary storagedevice, or a cache memory. The storage unit 122 stores arbitraryinformation used for the operation of the control device 12. Forexample, the storage unit 122 may store a system program, an applicationprogram, a database and the like. The information stored in the storageunit 122 may be updatable with, for example, information acquired fromthe network 40 via the communication device 11.

The processing unit 123 includes one or more processors. In the presentembodiment, the “processors” are general-purpose processors or dedicatedprocessors specialized for specific processes, but are not limitedthereto. The processing unit 123 controls the overall operation of thecontrol device 12.

For example, the processing unit 123 receives various kinds of vehicleinformation (speed, position, automatic driving state, etc.) related tothe vehicle 10 from the ECUs 13 and the like via the communication unit121. Furthermore, the processing unit 123 transmits the vehicleinformation to the information processing device 20 via thecommunication unit 121. In addition, the processing unit 123 transmitsthe vehicle information to the communication device 11 via thecommunication unit 121. The vehicle information is transmitted to theserver 30 by the communication device 11. Moreover, the processing unit123 receives below-described update information from the communicationdevice 11 via the communication unit 121. The update information isprovided from the server 30. The processing unit 123 transmits theupdate information to the information processing device 20 via thecommunication unit 121.

Upon acquiring the control information from the information processingdevice 20 via the communication unit 121, the processing unit 123executes a process of starting vehicle control on the vehicle 10 basedon the control information. As described above, the processing unit 123executes the process of starting vehicle control based on the controlinformation without waiting for the result of the authentication processon the usage authority of the control information.

Furthermore, the processing unit 123 performs an authentication processon the usage authority of the control information. When the processingunit 123 includes a plurality of processor cores, the process ofstarting vehicle control may be executed by a certain processor core,and the authentication process may be executed by another processor coredifferent from the processor core that executes the process of startingvehicle control. The authentication process on the usage authority isperformed based on the information on the service provider (serviceprovider identification information) related to the control informationand the API to be used. The control information includes the serviceprovider identification information and information on the API to beused. The authentication process on usage authority is executed based onsuch information included in the control information.

A plurality of APIs related to the control information is set accordingto the scope, function and the like of a controlled object. FIG. 3 is aconceptual diagram showing the structure of a plurality of APIs. Thestructure of the APIs illustrated in FIG. 3 is a hierarchical structurein which a plurality of APIs is classified into respective layersaccording to the scope of the controlled object. In FIG. 3, thestructure is composed of four hierarchies of API layers 51 to 54sequentially from the higher hierarchy. As an outline, the serviceprovider uses APIs of a high hierarchy, which allows the serviceprovider to perform vehicle control without becoming aware of controlcontents of hierarchies lower than the high hierarchy.

The API layer 51 is called a service layer API and is a hierarchy inwhich how the entire vehicle 10 is operated is packaged. For example, anAPI that provides an automatic driving service to a designated point isincluded in the API layer 51. The API layer 52 is called a system layerAPI and is a hierarchy that provides individual manipulations of systems(motors, steers, maps, etc.) constituting the vehicle 10. For example,an API for instructing the motor of the vehicle 10 to move forward isincluded in the API layer 52. When using the API that instructs forwardmovement, the vehicle speed may be determined by the vehicle 10, or maybe selected from a low speed, a medium speed, and a high speed. The APIlayer 53 is called a component layer API and is a hierarchy thatprovides individual manipulations of components(acceleration/deceleration controller, stereo, etc.) constituting thesystem. For example, an API for driving a motor by specifying forwardacceleration is included in the API layer 53. The API layer 54 is calleda module layer API and is a hierarchy that provides individualmanipulations of modules (for example, a torque map, etc.) that aredetailed functions constituting the components. For example, an API forinstructing a driving method (acceleration feeling, etc.) by designatinga constant value of a torque map is included in the API layer 54.

Among the API layers 51 to 53, APIs in a disclosure range A1 shown inFIG. 3 are disclosed to a service provider as a basic package at nocost. That is to say, all service providers have usage authority of theAPIs in the disclosure range A1. When the control device 12 acquirescontrol information related to an API in the disclosure range A1, allservice providers have usage authority. Therefore, it is not necessaryto perform an authentication process on usage authority.

Among the API layers 51 to 53, APIs in a disclosure range A2 in FIG. 3are disclosed to a service provider as expanded function APIs at a cost.For example, the disclosure range A2 is provided to the service providerwith a fee that is charged according to a disclosed range. Therefore,the APIs in the disclosure range A2 are different in usability for eachservice provider. The API layer 54 is not disclosed in principle.

FIG. 4 shows an example of subscription information for determining theusage authority of each service provider. The subscription informationincludes data in which service provider identification information andusage authority are associated with all service providers having usageauthority. For example, the subscription information is received fromthe server 30 via the communication device 11 and is stored in thestorage unit 122. In this regard, the service provider identificationinformation is identification information uniquely defining the serviceprovider. The usage authority indicates expanded function APIs of whichthe service provider has usage authority. In this regard, it is assumedthat all of API1 to API6 are expanded function APIs.

As shown in FIG. 4, for example, a service provider having serviceprovider identification information of “001” has usage authority of API1to API5. Based on such information, the processing unit 123 can performan authentication process on the usage authority of each serviceprovider. For example, in a case where an authentication process isperformed with respect to the control information related to API5including “001” as the service provider identification information, theresult of the authentication process is “valid”. However, for example,in a case where an authentication process is performed with respect tothe control information related to API6 including “001” as the serviceprovider identification information, the authentication result is“invalid” because such control information has no usage authority of theAPI.

The processing unit 123 continues or suspends a process of startingvehicle control depending on the result of the authentication process.For example, when the authentication result is “valid”, the processingunit 123 continues the process of starting vehicle control. On the otherhand, when the authentication result is “invalid”, the processing unit123 suspends the process of starting vehicle control. In this regard,the process of starting vehicle control includes a process of generatinga control command (for example, a command related to a run, turn, andstop of the vehicle 10) based on the control information and a processof transmitting the generated control command to the ECUs 13 via thecommunication unit 121. When continuing the process of starting vehiclecontrol, the control command generation and transmission processes arecontinuously performed. Therefore, the control of the vehicle 10 isexecuted according to the control command. On the other hand, whensuspending the process of starting vehicle control, the control commandgeneration and transmission processes are suspended. In this case, thecontrol command is not transmitted to the ECUs 13. Therefore, thecontrol of the vehicle 10 according to the control command is notexecuted. When the process of starting vehicle control is suspended, theprocessing unit 123 may transmit information, which indicates that theprocess of starting vehicle control has been suspended, to theinformation processing device 20 via the communication unit 121.

The ECUs 13 perform vehicle control in cooperation with the controldevice 12. Specifically, the ECUs 13 receive a control command based onthe control information from the control device 12 and control thevehicle 10 according to the control command. The control commandincludes, for example, an acceleration, deceleration, and braking of thevehicle 10, steering operation, a stereo operation, an air conditioningoperation, a security alarm, and the like. The ECUs 13 perform suchcontrol with respect to power sources, in-vehicle devices and the likebased on the control command. In addition, the ECUs 13 collect thevehicle information on the vehicle 10 and transmit the vehicleinformation to the control device 12.

(Configuration of Information Processing Device)

As shown in FIG. 5, the information processing device 20 includes acommunication unit 21, a storage unit 22, a sensor unit 23, and acontrol unit 24. The information processing device 20 is mounted on, forexample, a roof top of the vehicle 10. The location at which theinformation processing device 20 is mounted is not limited thereto. Theinformation processing device 20 may be mounted at any arbitrary placeoutside the vehicle 10 or in the passenger compartment.

The communication unit 21 includes a communication module connected tothe control device 12 of the vehicle 10. For example, the communicationunit 21 is connected to the control device 12 via a wired network or awireless network.

The storage unit 22 includes one or more memories. Each of the memoriesincluded in the storage unit 22 may function as, for example, a mainstorage device, an auxiliary storage device, or a cache memory. Thestorage unit 22 stores arbitrary information used for the operation ofthe information processing device 20. For example, the storage unit 22stores a system program, an application program, service provideridentification information and the like. The application programincludes the automatic driving control software described above. In thiscase, the information processing device 20 functions as an automaticoperation kit by the automatic driving control software. The informationstored in the storage unit 22 may be updateable with, for example, theupdate information acquired from the control device 12 via thecommunication unit 21.

The sensor unit 23 includes one or more sensors that detect informationon the operation of the information processing device 20 or thesurrounding environment. For example, the sensor unit 23 may include alight detection and ranging (LIDAR), an acceleration sensor, an angularvelocity sensor, a magnetic sensor, an atmospheric pressure sensor andthe like. The sensor unit 23 is not limited thereto and may include anarbitrary sensor, for example, an illuminance sensor, a temperaturesensor, or an image sensor (camera). The sensor unit 23 acquiresinformation detected by each sensor as sensor information. For example,the sensor information of the sensor unit 23 may include LIDAR detectioninformation, an acceleration, an angular velocity, a magnetic field, anatmospheric pressure and the like.

The control unit 24 includes one or more processors. The control unit 24controls the overall operation of the information processing device 20.

For example, the control unit 24 accumulates the sensor informationacquired by the sensor unit 23 in the storage unit 22. Furthermore, thecontrol unit 24 receives vehicle information and update information fromthe control device 12 via the communication unit 21. Moreover, thecontrol unit 24 generates control information based on the sensorinformation, the vehicle information and the like, and transmits thecontrol information to the control device 12 via the communication unit21. When the service provider identification information is stored inthe storage unit 22, the control unit 24 may generate controlinformation using the stored service provider identificationinformation.

(Configuration of Server)

As shown in FIG. 6, the server 30 includes a server communication unit31, a server storage unit 32, and a server control unit 33.

The server communication unit 31 includes a communication moduleconnected to the network 40. For example, the server communication unit31 may include a communication module corresponding to a predeterminedwired standard or wireless standard. In the present embodiment, theserver 30 is connected to the network 40 via the server communicationunit 31.

The server storage unit 32 includes one or more memories. Each of thememories included in the server storage unit 32 may function as, forexample, a main storage device, an auxiliary storage device, or a cachememory. The server storage unit 32 stores arbitrary information used forthe operation of the server 30. For example, the server storage unit 32may store a system program, an application program, a managementdatabase and the like. The information stored in the server storage unit32 may be updateable with, for example, the information acquired fromthe network 40 via the server communication unit 31.

The server control unit 33 shown in FIG. 6 includes one or moreprocessors. The server control unit 33 controls the overall operation ofthe server 30.

For example, the server control unit 33 receives vehicle informationfrom the vehicle 10 via the server communication unit 31. The servercontrol unit 33 may accumulate the vehicle information in the serverstorage unit 32. Based on the accumulated information, the servercontrol unit 33 may provide a service provider with informationnecessary for various finances such as leasing, insurance and the likerelated to the vehicle 10, vehicle maintenance in cooperation withdealers, and the like. Furthermore, based on the accumulatedinformation, the server control unit 33 may disclose an API capable ofmanaging information, such as status and dynamic management of thevehicle 10, required by a service provider. The service provider caneasily obtain necessary information via the API.

The server control unit 33 may manage the subscription information. Forexample, the server control unit 33 may execute a process related toapplication for use, updating, termination and the like of the API fromthe service provider and create and update the subscription information.In addition, the server control unit 33 may transmit such subscriptioninformation to the vehicle 10 via the server communication unit 31.

The server control unit 33 may transmit the update information of thesystem program, the application program and the like of the informationprocessing device 20 to the vehicle 10 via the server communication unit31. The vehicle 10 receives the update information by the communicationdevice 11 and transmits the update information to the informationprocessing device 20 via the control device 12. In other words, theservice provider related to the information processing device 20 canprovide the update information on the information processing device 20by over-the-air (OTA) using the server 30. Thus, it is possible toeasily perform maintenance, updating and the like of the informationprocessing device 20.

(Operation Flow of Information Processing System)

A flow of operations of the vehicle control system 1 will be describedwith reference to FIG. 7. Each time when the vehicle control system 1acquires control information from the information processing device 20,the vehicle control system 1 executes following steps S101 to S106.

Step S101: The information processing device 20 transmits controlinformation to the vehicle 10. The control device 12 of the vehicle 10acquires the control information transmitted from the informationprocessing device 20.

Step S102: The control device 12 of the vehicle 10 executes a process ofstarting vehicle control on the vehicle 10 based on the controlinformation.

Step S103: While performing the process of starting vehicle control, thecontrol device 12 of the vehicle 10 starts and executes anauthentication process on the usage authority of the controlinformation.

Step S104: When the control device 12 determines, as a result of theauthentication process, that the usage authority of the controlinformation is valid (if “YES” in step S104), the process proceeds tostep S105. On the other hand, when the control device 12 determines, asa result of the authentication process, that the usage authority of thecontrol information is not valid (if “NO” in step S104), the processproceeds to step S106.

Step S105: The control device 12 continues the process of startingvehicle control. That is to say, the process of starting vehicle controlis executed until the process of starting vehicle control comes to anend, and the control device 12 transmits a control command to the ECUs13.

Step S106: The control device 12 suspends the process of startingvehicle control. That is to say, the process of starting vehicle controlis suspended before the process of starting vehicle control comes to anend, and the control device 12 does not generate a control command. Evenwhen a control command is generated, the control device 12 does nottransmit the generated control command to the ECUs 13.

As described above, with embodiment 1, when the usage authority is setfor the control information of the vehicle 10, the control device 12 ofthe vehicle 10 continues or suspends the process of starting vehiclecontrol depending on the result of the authentication process on theusage authority. Therefore, it is possible to perform appropriateauthority management. Furthermore, upon acquiring the controlinformation from the information processing device 20, the controldevice 12 executes the process of starting vehicle control based on thecontrol information. The authentication process is executed while theprocess of starting vehicle control is executed, and the control device12 continues or suspends the process of starting vehicle controldepending on the result of the authentication process. As describedabove, with the vehicle control system 1 of the present embodiment, theprocess of starting vehicle control is executed without waiting for theresult of the authentication process after acquiring the controlinformation from the information processing device 20. This makes itpossible to properly prevent delay in vehicle control.

(Embodiment 2) Next, embodiment 2 will be described. FIG. 8 is a blockdiagram showing a schematic configuration of a vehicle 10 b according toembodiment 2 of the present disclosure. The same configurations as thoseof embodiment 1 are designated by like reference numerals, and theexplanation thereof is omitted. In the vehicle 10 b according toembodiment 2, the subscription information necessary for theauthentication process on the usage authority is configured by a blockchain 137 managed by each of ECUs 131 to 136 (hereinafter, alsocollectively referred to as ECUs 13 b). That is to say, the ECUs 131 to136 are connected by a peer-to peer (P2P) architecture, and each of theECUs 131 to 136 has the block chain 137 and functions as a node formanaging the block chain 137. The ECUs 131 to 136 execute anauthentication process on usage authority using the block chain 137.Although six ECUs 13 b are shown in FIG. 8 for the sake of simplicity ofexplanation, the number of ECUs may be arbitrarily set. Hereinafter, aflow of operations of the vehicle control system 1 according toembodiment 2 will be described with reference to FIGS. 9 and 10.

Step S201: The information processing device 20 transmits controlinformation to the vehicle 10 b. The control device 12 of the vehicle 10b acquires the control information transmitted from the informationprocessing device 20. This step corresponds to step S101 of embodiment1.

Step S202: The control device 12 of the vehicle 10 b executes a processof starting vehicle control on the vehicle 10 b based on the controlinformation. This step corresponds to step S102 of embodiment 1.

Step S203: The control device 12 requests the ECUs 13 b to perform anauthentication process on usage authority of the control information.

Step S204: The ECUs 13 b that have received the request forauthentication process starts the authentication process.

Step S205: The ECUs 13 b execute the authentication process based on thesubscription information constituted by the block chain 137, andterminates the authentication process.

Step S206 a: The ECUs 13 b transmit the result of the authenticationprocess to the control device 12. FIG. 9 shows a case where the resultof the authentication process is valid.

Step S207 a: The control device 12 receives the result of theauthentication process. Since the authentication result is valid here,the control device 12 continues the process of starting vehicle control.

Step S208: The control device 12 terminates the process of startingvehicle control. That is to say, the control device 12 transmits thegenerated control command to the ECUs 13 b.

FIG. 10 shows a flow of operations in the case where the authenticationresult is invalid. The same operations as those shown in FIG. 9 aredesignated by like reference numerals, and the explanation thereof isomitted. In FIG. 10, the authentication result is invalid and the resultis transmitted to the control device 12 (step S206 b). In this case, thecontrol device 12 suspends the process of starting vehicle control (stepS207 b).

As described above, with embodiment 2, when the usage authority is setin the control information of the vehicle 10 b, the control device 12 ofthe vehicle 10 b continues or suspends the process of starting vehiclecontrol depending on the result of the authentication process on theusage authority. This makes it possible to perform proper authoritymanagement. In addition, the subscription information necessary for theauthentication process on the usage authority is constituted by theblock chain 137. For this reason, falsification of the subscriptioninformation is very difficult, and reliability of the authoritymanagement can be enhanced. Furthermore, each of the ECUs 13 b has thesubscription information constituted by the block chain 137. Therefore,even if the subscription information possessed by one of the ECUs 13 bis damaged, it is possible to restore the damaged subscriptioninformation based on the subscription information possessed by otherECUs 13 b. This makes it possible to enhance usability of the system.Furthermore, by utilizing each of the ECUs 13 b of the vehicle 10 b as anode of the block chain 137, it is not necessary to use another computeror the like for managing the block chain 137. This makes it possible toreduce the cost for system construction.

While the disclosure has been described with reference to the drawingsand examples, it should be noted that those skilled in the art caneasily make various changes and modifications based on the presentdisclosure. It is therefore to be noted that these changes andmodifications fall within the scope of the disclosure. For example, thefunctions and the like included in the respective means or therespective steps may be relocated so as not to be logicallycontradictory, and a plurality of means or steps may be combined intoone or may be divided.

For example, the above-described embodiments have been described with anexample where, by utilizing the fact that the process of startingvehicle control is higher in processing load and longer in processingtime than the authentication process on usage authority, theauthentication process on usage authority is executed after the processof starting vehicle control has been executed by the control device 12.Even in such a case, it is likely that the authentication result can beobtained before the process of starting vehicle control is terminated.This makes it possible to prevent delay in processing. When theauthentication process on usage authority is executed simultaneouslywith the execution of the process of starting vehicle control by thecontrol device 12, it is possible to further increase the possibility ofobtaining the authentication result before the end of the process ofstarting vehicle control. Also, the authentication process on usageauthority may be executed before the execution of the process ofstarting vehicle control by the control device 12. In any of the abovecases, by executing the process of starting vehicle control and theauthentication process in parallel, it is possible to prevent delay inprocessing as compared with a case where the process of starting vehiclecontrol is executed after obtaining the authentication result. If theauthentication result is not obtained at the end of the process ofstarting vehicle control, the control device 12 does not transmit acontrol command based on the process of starting vehicle control untilthe authentication result is obtained. That is to say, the controldevice 12 waits until the authentication result is obtained, anddetermines whether or not to transmit a control command depending on theresult of the authentication process. By doing so, it is possible toperform proper authority management.

For example, in the above-described embodiments, each time when thecontrol information is acquired, the authentication process on usageauthority is executed and the vehicle control is continued or suspendeddepending on the result of the authentication process. However, thefrequency of the authentication process may be changed as appropriate.For example, when the authentication process has been performed once foreach piece of control information, the authentication process may not beperformed again for the control information within a trip on which theauthentication process has been performed. That is to say, when theauthentication process has been performed once within a time period fromturning ignition of a vehicle on to turning the ignition off, theauthentication process may not be performed again within that timeperiod. In such a case, it is possible to reduce the processing load dueto the authentication process.

The above-described embodiments have been described with an examplewhere the APIs related to the control information are constituted by thefour hierarchies of the API layers 51 to 54. However, the number ofhierarchies is not limited to four and may be larger or fewer than four.Moreover, the classification of the APIs into the hierarchies is notlimited to the above-described embodiments and may be arbitrarily set.Furthermore, the structure of the APIs need not be a hierarchicalstructure, but may be any other arbitrary structure. The above-describedembodiments have been described with an example where the disclosurerange A1 shown in FIG. 3 is disclosed at no cost. However, thedisclosure range A1 may also be disclosed at a cost. In addition, theabove-described embodiments have been described with an example wherethe usage authority of the APIs is given based on the fee charged forthe service provider. However, the method of setting usage authority isnot limited thereto. The usage authority may be given to each serviceprovider based on arbitrary conditions.

The above-described embodiments have been described with an example inwhich the storage unit 122 stores the subscription information of allthe service providers having usage authority on control information.However, the disclosure is not limited thereto. For example, among allthe service providers having usage authority on control information,only the subscription information of the service providers who arelikely to use the control information for the vehicle 10 may be storedin the storage unit 122. The service providers who are likely to use thecontrol information for the vehicle 10 may be specified by transmittingservice provider identification information from the informationprocessing device 20 to the control device 12 when the informationprocessing device 20 is connected to the vehicle 10 for the first time.

For example, in embodiment 1, the authentication process on usageauthority is executed by the control device 12. However, the disclosureis not limited thereto. In embodiment 1, the ECUs 13 may execute theauthentication process during the execution of the process of startingvehicle control, and the control device 12 that receives theauthentication result may continue or suspend the process of startingvehicle control. Even in this case, it is possible to perform properauthority management, inasmuch as the process of starting vehiclecontrol is continued or suspended depending on the authenticationresult. In addition, since the process of starting vehicle control isexecuted without waiting for the result of the authentication processafter acquiring the control information from the information processingdevice 20, it is possible to appropriately prevent delay in vehiclecontrol. The authentication process may be requested to the server 30 orthe like, instead of the ECUs 13. In such a case, the processing unit123 may transmit a request for authentication process to the server 30via the communication device 11 and may receive the result of theauthentication process from the server 30. When the authenticationprocess on the usage authority is performed by the ECUs 13 or the server30 as described above, the ECUs 13 or the server 30 may have thesubscription information.

Embodiment 2 has been described with an example where the ECUs 13 b ofthe vehicle 10 b are used as nodes that manage the block chain 137.However, the control device 12 may be used as a node that manages theblock chain 137. ECUs of other surrounding vehicles may be used as nodesthat manage the block chain 137. In this case, the vehicle 10 b may beconnected to other surrounding vehicles through vehicle-to-vehiclecommunication. Also, the server 30 may be used as a node that managesthe block chain 137. That is to say, an arbitrary computer may functionas a node that manages the block chain 137.

For example, a general-purpose electronic device may be configured tofunction as the control device 12 according to the above-describedembodiments. Specifically, a program describing process contents forrealizing each function of the control device 12 according to theembodiments is stored in a memory of an electronic device. The programis read out and executed by a processor of the electronic device.Therefore, the disclosure according to the embodiments can also berealized as a program executable by a processor, and a computer readablerecording medium recording the program.

In addition to the examples described above, the network 40 according tothe embodiments may include an ad hoc network, a local area network(LAN), a metropolitan area network (MAN), a cellular network, a wirelesspersonal area network (WPAN), a public switched telephone network(PSTN), a terrestrial wireless network, an optical network, othernetworks, or any combination thereof. Components of a wireless networkinclude, for example, an access point (e.g., Wi-Fi access point), afemtocell and the like. In addition, a wireless communication device maybe connected to a wireless network using Wi-Fi (registered trademark),Bluetooth (registered trademark), cellular communication technology, orother wireless technology and technical standards.

What is claimed is:
 1. A control device for use with a vehicle having aplurality of Electronic Control Units (ECUs), the control devicecomprising: a communication unit configured to acquire controlinformation on the vehicle from an information processing device via awired or wireless communication; and a processing unit configured to:execute a process of starting vehicle control based on the controlinformation, and execute an authentication process on usage authority ofthe control information concurrently, the authentication process beingexecuted based on subscription information of all service providershaving the usage authority of the control information, wherein: thesubscription information of all service providers is constituted in ablock chain, and one or more ECU in the plurality of ECUs function as anode that manages the block chain.
 2. The control device according toclaim 1, wherein each time when the processing unit acquires the controlinformation, the processing unit continues or suspends the process ofstarting vehicle control depending on a result of the authenticationprocess.
 3. The control device according to claim 1, wherein theauthentication process is executed by one or more ECU in the pluralityof ECUs.
 4. The control device according to claim 1, wherein theauthentication process is executed based on subscription information ofall service providers having the usage authority of the controlinformation.
 5. The control device according to claim 1, wherein theauthentication process is executed based on subscription information ofservice providers that use the control information for the vehicle,among all service providers having the usage authority of the controlinformation.
 6. The control device according to claim 1, wherein whenthe process of starting vehicle control is suspended, a control commandgeneration process and a vehicle transmission process are suspended. 7.The control device according to claim 1, wherein the usage authority ofthe control information is stored in the block chain.
 8. Anon-transitory computer readable recording medium storing a program thatcauses a computer serving as a control device for use with a vehiclehaving a plurality of Electronic Control Units (ECUs), the programcausing the computer to perform steps comprising: acquiring controlinformation on the vehicle from an information processing device via awired or wireless communication; executing a process of starting vehiclecontrol based on the control information; and executing anauthentication process on usage authority of the control informationconcurrently, the authentication process being executed based onsubscription information of all service providers having the usageauthority of the control information, wherein: the subscriptioninformation of all service providers is constituted in a block chain,and one or more ECU in the plurality of ECUs function as a node thatmanages the block chain.
 9. The non-transitory computer readablerecording medium according to claim 8, wherein when the process ofstarting vehicle control is suspended, a control command generationprocess and a vehicle transmission process are suspended.
 10. Thenon-transitory computer readable recording medium according to claim 8,wherein the usage authority of the control information is stored in theblock chain.
 11. A control method for use with a vehicle having aplurality of Electronic Control Units (ECUs), the control methodcomprising: acquiring control information on the vehicle from aninformation processing device in a wired or wireless communication;executing a process of starting vehicle control based on the controlinformation; and executing an authentication process on usage authorityof the control information concurrently, the authentication processbeing executed based on subscription information of all serviceproviders having the usage authority of the control information,wherein: the subscription information of all service providers isconstituted in a block chain, and one or more ECU in the plurality ofECUs function as a node that manages the block chain.
 12. The controlmethod according to claim 11, wherein when the process of startingvehicle control is suspended, a control command generation process and avehicle transmission process are suspended.
 13. The control methodaccording to claim 11, wherein the usage authority of the controlinformation is stored in the block chain.
 14. A control device for usewith a vehicle having a plurality of Electronic Control Units (ECUs),the control device comprising: a network interface configured to acquirecontrol information on the vehicle from an information processing devicevia a wired or wireless communication; and at least one ECU in theplurality of ECUs is programmed to: execute a process of startingvehicle control based on the acquired control information, and executean authentication process on usage authority of the control informationconcurrently, the authentication process being executed based onsubscription information of all service providers having the usageauthority of the control information, wherein: the subscriptioninformation of all service providers is constituted in a block chain,and one or more ECU in the plurality of ECUs function as a node thatmanages the block chain.
 15. The control device according to claim 14,wherein each time the control information is acquired by the at leastone ECU, the at least one ECU continues or suspends the process ofstarting vehicle control depending on the result of the authenticationprocess.
 16. The control device according to claim 14, wherein the atleast one ECU executes the authentication process.
 17. The controldevice according to claim 14, wherein the authentication process isexecuted based on subscription information of all service providershaving the usage authority of the control information.
 18. The controldevice according to claim 14, wherein the authentication process isexecuted based on subscription information of service providers that usethe control information for the vehicle, among all service providershaving the usage authority of the control information.
 19. The controldevice according to claim 14, wherein when the process of startingvehicle control is suspended, a control command generation process and avehicle transmission process are suspended such that vehicle controlcommands are not executed by the at least one ECU.
 20. The controldevice according to claim 14, wherein the usage authority of the controlinformation is stored in the block chain, and each of the at least oneECU stores the block chain.